New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Google Professional Cloud Developer Exam - Topic 1 Question 84 Discussion

Actual exam question for Google's Professional Cloud Developer exam
Question #: 84
Topic #: 1
[All Professional Cloud Developer Questions]

You have an application that uses an HTTP Cloud Function to process user activity from both desktop browser and mobile application clients. This function will serve as the endpoint for all metric submissions using HTTP POST.

Due to legacy restrictions, the function must be mapped to a domain that is separate from the domain requested by users on web or mobile sessions. The domain for the Cloud Function is https://fn.example.com. Desktop and mobile clients use the domain https://www.example.com. You need to add a header to the function's HTTP response so that only those browser and mobile sessions can submit metrics to the Cloud Function. Which response header should you add?

Show Suggested Answer Hide Answer
Suggested Answer: C

by Filiberto at May 31, 2024, 03:32 PM

Limited Time Offer

25%

Off

Get Premium Professional Cloud Developer Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Nadine
3 months ago
Why is fn.example.com even separate? That’s odd!
upvoted 0 times
...
Flo
3 months ago
Wait, can we really use wildcards in that header?
upvoted 0 times
...
Isabella
3 months ago
I’m leaning towards D, seems more secure.
upvoted 0 times
...
Nguyet
4 months ago
Definitely not A, that opens it up too much!
upvoted 0 times
...
Hershel
4 months ago
I think option B is the right choice. It allows both domains.
upvoted 0 times
...
Owen
4 months ago
I recall that we need to restrict access to just the desktop and mobile clients, so I think option D could be the correct answer.
upvoted 0 times
...
James
4 months ago
I’m a bit confused about the wildcard in option A. I thought it would be too permissive for this scenario.
upvoted 0 times
...
Charolette
4 months ago
I think we practiced a similar question about allowing specific origins. I feel like option B might be the right choice since it allows both domains.
upvoted 0 times
...
Glynda
5 months ago
I remember we discussed CORS headers in class, but I'm not entirely sure which one to choose here.
upvoted 0 times
...
Thersa
5 months ago
This seems straightforward. The question states that the Cloud Function is on a separate domain, so the correct answer must be option C to allow access from that specific domain.
upvoted 0 times
...
Corazon
5 months ago
Okay, I think I've got it. Since the Cloud Function is on a separate domain (fn.example.com) from the desktop and mobile clients (www.example.com), we need to set the Access-Control-Allow-Origin header to the client domain, which is option D.
upvoted 0 times
...
Dominga
5 months ago
Hmm, I'm a bit confused. The question mentions that the Cloud Function is on a separate domain, but it's not clear if that means the desktop and mobile clients are on a different domain as well. I'll need to think this through carefully.
upvoted 0 times
...
Gaston
5 months ago
This seems like a straightforward CORS-related question. I think the key is to identify the correct domain that should be allowed to access the Cloud Function.
upvoted 0 times
...
Dahlia
5 months ago
The PA-Series is a good general-purpose firewall, but for a microservices environment, I'd go with the VM-Series. It's designed to be more flexible and scalable for virtualized and cloud-based deployments.
upvoted 0 times
...
Theron
5 months ago
Wait, I thought T1 connections had a higher bandwidth than that. Let me double-check my notes... Ah, I see, the maximum bandwidth is 1.544 Mbps. Thanks for the refresher, I'm feeling more confident now.
upvoted 0 times
...
Mi
5 months ago
I think the special folder permission is "Delete". That allows you to remove the folder and all its contents, which seems more powerful than just read or modify access.
upvoted 0 times
...
Nadine
5 months ago
I keep mixing up 'docker run' and 'docker exec.' I need to double-check which one is appropriate for an already running container.
upvoted 0 times
...
Justine
9 months ago
Hmm, I'm leaning towards B. Seems like a good compromise to allow any subdomain under example.com. Keeps things flexible, you know?
upvoted 0 times
...
Chi
9 months ago
Hold up, why not just make it accessible to everyone? I mean, who needs security these days, right? *wink wink*
upvoted 0 times
Luisa
8 months ago
Exactly, we want to ensure that only requests from the designated domains are allowed to access the function.
upvoted 0 times
...
Rosalind
8 months ago
C) Access-Control-Allow-Origin: https://fn.example.com
upvoted 0 times
...
Francine
8 months ago
No, we need to restrict it to only the specified domains for security reasons.
upvoted 0 times
...
Keva
9 months ago
A) Access-Control-Allow-Origin: *
upvoted 0 times
...
...
Ronald
10 months ago
I agree with Bethanie. C is the way to go here. Gotta keep those pesky hackers out, you know?
upvoted 0 times
Gerald
9 months ago
C) Access-Control-Allow-Origin: https://fn.example.com
upvoted 0 times
...
Theodora
9 months ago
B) Access-Control-Allow-Origin: https://*.example.com
upvoted 0 times
...
Clorinda
9 months ago
A) Access-Control-Allow-Origin: *
upvoted 0 times
...
...
Bethanie
10 months ago
Option C is the correct answer. The Cloud Function should only allow requests from the domain that users access, which is https://www.example.com.
upvoted 0 times
Lorrie
9 months ago
C) Access-Control-Allow-Origin: https://fn.example.com
upvoted 0 times
...
Kelvin
9 months ago
B) Access-Control-Allow-Origin: https://*.example.com
upvoted 0 times
...
Hyman
9 months ago
A) Access-Control-Allow-Origin: *
upvoted 0 times
...
...
Allene
11 months ago
I agree with Ahmad, C) Access-Control-Allow-Origin: https://fn.example.com makes sense because it restricts submissions to the Cloud Function from the specific domain
upvoted 0 times
...
Lacresha
11 months ago
I disagree, I believe the header should be A) Access-Control-Allow-Origin: *
upvoted 0 times
...
Ahmad
11 months ago
I think the correct header to add is C) Access-Control-Allow-Origin: https://fn.example.com
upvoted 0 times
...

Save Cancel